Slow computer, cant view web pages, random pop ups........

Post by abkeeno » October 1st, 2008, 2:29 pm

Hello-

Having these problems with my computer:
1. Slow performance
2. Can't view web pages
3. Web pages fail to load and are not responding
4. Random pop-ups of all sorts of advertisements, from NFL fantasy signups to antivirus to adult dating sites.
5. IE is running even though I am not on IE and the browser is not displayed at all.
6. Windows automatic updates cannot be turned on, thus security alerts are not functioning properly.

I downloaded Ad-Aware and scanned, but to no avail. Was told to get HijackThis, and I am not sure what to delete to get rid of this virus. I have some sort of Trojan, I'm sure, and need help!!!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:17 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1199825891\ee\AOLDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
\Emachine\c\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GT4016
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT4016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=208.53.154.125:8500
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [ac72b3b3] rundll32.exe "C:\WINDOWS\system32\nexorofd.dll",b
O4 - HKLM\..\Run: [BMaf41802f] Rundll32.exe "C:\WINDOWS\system32\jmsydwrs.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-1309149848-2915700245-1532105746-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-1309149848-2915700245-1532105746-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1309149848-2915700245-1532105746-501\..\Run: [MS Juan] rundll32 "C:\WINDOWS\system32\emuymr.dll",run (User 'Guest')
O4 - HKUS\S-1-5-21-1309149848-2915700245-1532105746-501\..\Run: [ac72b3b3] rundll32.exe "C:\WINDOWS\system32\fkefwrvb.dll",b (User 'Guest')
O4 - HKUS\S-1-5-21-1309149848-2915700245-1532105746-501\..\Run: [BMaf41802f] Rundll32.exe "C:\WINDOWS\system32\einikbln.dll",s (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Owner\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b57176.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/Ac ... Player.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b75411.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qhaxdc.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\agi\common\agservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 13449 bytes
abkeeno
Regular Member
 
Posts: 16
Joined: October 1st, 2008, 2:15 pm

Re: Slow computer, cant view web pages, random pop ups........

Post by MikeSwim07 » October 1st, 2008, 8:57 pm

Hello, and welcome to the Malware Removal forums.
My name is Michael. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Slow computer, cant view web pages, random pop ups........

Post by abkeeno » October 1st, 2008, 9:17 pm

Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bodog Poker Version 2.16.1.52
Browser Address Error Redirector
Digital Media Reader
DVD Solution
Full Tilt Poker
Gamevance
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kiwee Toolbar
LimeWire 4.16.7
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org Installer 1.0
Pegasus Software SmartScanICR 3.0
PokerStars
Power2Go 4.0
PowerDVD
Quick Macros 2
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Administrator v2.1
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
Sonic Encoders
Super TextTwist
Swarmcast for MLB-TV-Mosaic
TextPad 4.7
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Window Washer
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver

Re: Slow computer, cant view web pages, random pop ups........

Post by MikeSwim07 » October 2nd, 2008, 7:57 am

P2P Software

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
LimeWire 4.16.7


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

You must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you do not wish to remove your P2P programs, please tell me and this topic will be closed.

Please post a new HijackThis log on your next reply if you chose to remove BitTorrent and LimeWire.

Re: Slow computer, cant view web pages, random pop ups........

Post by abkeeno » October 2nd, 2008, 8:28 pm

Ok Michael,

I uninstalled LimeWire, but I didn't see BitTorrent in the control panel. Let me know if I need to delete that or if it was deleted with LimeWire. Here is the new HijackThis list:

Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bodog Poker Version 2.16.1.52
Browser Address Error Redirector
Digital Media Reader
DVD Solution
Full Tilt Poker
Gamevance
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kiwee Toolbar
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org Installer 1.0
Pegasus Software SmartScanICR 3.0
PokerStars
Power2Go 4.0
PowerDVD
Quick Macros 2
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Administrator v2.1
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
Sonic Encoders
Swarmcast for MLB-TV-Mosaic
TextPad 4.7
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Window Washer
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver

Re: Slow computer, cant view web pages, random pop ups........

Post by MikeSwim07 » October 4th, 2008, 7:35 am

Download and Run ComboFix

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found here.
    The ones that need to be closed/disabled are:

    AVG

  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Re: Slow computer, cant view web pages, random pop ups........

Post by abkeeno » October 6th, 2008, 12:24 pm

Here is the combofix log:

ComboFix 08-10-05.10 - Owner 2008-10-06 11:16:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.360 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-04 11:14 . 2008-10-04 11:15 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Move Networks
2008-10-04 10:52 . 2008-10-04 10:52 3,072 --a------ C:\Documents and Settings\Guest\~.exe
2008-10-01 12:35 . 2008-10-05 12:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-01 12:27 . 2008-10-05 23:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-01 12:27 . 2008-10-01 12:27 <DIR> d-------- C:\Program Files\AVG
2008-10-01 12:27 . 2008-10-01 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 12:27 . 2008-10-01 12:27 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-01 12:27 . 2008-10-01 12:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-01 12:27 . 2008-10-01 12:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-01 11:42 . 2008-10-01 11:42 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-01 11:42 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 11:41 . 2008-10-01 11:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 11:08 . 2008-10-03 11:11 1,137,218 ---hs---- C:\WINDOWS\system32\dforoxen.ini
2008-10-01 11:05 . 2008-10-01 11:12 885,478 --ahs---- C:\WINDOWS\system32\yaKmmUvw.ini
2008-10-01 11:05 . 2008-10-01 11:11 884,733 --ahs---- C:\WINDOWS\system32\yaKmmUvw.ini2
2008-09-30 20:28 . 2008-09-30 20:28 123,904 --a------ C:\WINDOWS\system32\lhydglqx.dll
2008-09-30 20:28 . 2008-09-30 20:28 123,904 --a------ C:\WINDOWS\system32\icumaz.dll
2008-09-30 20:25 . 2008-10-01 00:50 994,344 --ahs---- C:\WINDOWS\system32\awkaljxt.ini
2008-09-29 20:20 . 2008-09-29 22:54 992,803 --ahs---- C:\WINDOWS\system32\bvrwfekf.ini
2008-09-29 20:20 . 2008-09-29 20:20 123,904 --a------ C:\WINDOWS\system32\ywkbdvbu.dll
2008-09-29 20:20 . 2008-09-29 20:20 123,904 --a------ C:\WINDOWS\system32\emuymr.dll
2008-09-29 20:20 . 2008-09-29 20:20 101,888 --a------ C:\WINDOWS\system32\einikbln.dll
2008-09-28 20:20 . 2008-09-29 15:07 988,672 --ahs---- C:\WINDOWS\system32\xithpyth.ini
2008-09-28 17:41 . 2008-09-28 18:57 988,681 --ahs---- C:\WINDOWS\system32\vbakihxg.ini
2008-09-27 22:00 . 2008-10-05 16:55 113,020 --a------ C:\WINDOWS\BMaf41802f.xml
2008-09-27 22:00 . 2008-10-03 16:55 22 --a------ C:\WINDOWS\pskt.ini
2008-09-26 20:20 . 2008-09-30 17:42 992,812 --ahs---- C:\WINDOWS\system32\aotkuorl.ini
2008-09-26 18:17 . 2008-10-01 18:21 9,932 --ahs---- C:\WINDOWS\system32\dNVFNqss.ini2
2008-09-26 18:17 . 2008-10-01 18:22 9,932 --ahs---- C:\WINDOWS\system32\dNVFNqss.ini
2008-09-25 12:47 . 2008-10-06 08:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-09-25 12:47 . 2008-09-25 12:47 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-25 12:43 . 2008-09-25 12:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-25 12:40 . 2008-09-25 12:40 <DIR> d-------- C:\Program Files\Sun
2008-09-22 22:14 . 2008-09-22 22:14 <DIR> d-------- C:\Program Files\Gamevance
2008-09-16 16:11 . 2008-09-25 16:32 <DIR> d-------- C:\Program Files\Bodog Poker
2008-09-15 14:11 . 2008-09-25 12:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-13 10:16 . 2008-09-13 10:16 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\agi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 15:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-10-05 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-03 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-10-03 00:22 --------- d-----w C:\Program Files\LimeWire
2008-10-02 17:47 --------- d-----w C:\Program Files\Radmin
2008-10-02 01:14 --------- d-----w C:\Program Files\Hotmail Reader
2008-10-02 01:10 --------- d-----w C:\Program Files\AFF Mail Reader OCR
2008-09-28 03:39 --------- d-----w C:\Program Files\PokerStars
2008-09-28 03:38 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-28 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-09-25 17:43 --------- d-----w C:\Program Files\Skype
2008-09-25 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-25 17:40 --------- d-----w C:\Program Files\Java
2008-09-09 21:33 --------- d-----w C:\Program Files\Microsoft Works
2008-08-26 03:01 --------- d-----w C:\Program Files\Odds Maker
2008-08-20 15:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 01:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\agi
2008-08-14 21:41 327,680 ----a-w C:\WINDOWS\system32\pythoncom25.dll
2008-08-14 21:41 2,113,536 ----a-w C:\WINDOWS\system32\python25.dll
2008-08-14 21:41 102,400 ----a-w C:\WINDOWS\system32\pywintypes25.dll
2008-08-14 21:41 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-08-14 21:41 --------- d-----w C:\Program Files\AGI
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\agi
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\agi
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 18:27 33,576 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "C:\Program Files\agi\common\_agcutils.pyd" [2008-06-20 39936]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-06-27 20:28 269456 --a------ C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll" [2008-06-27 269456]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll" [2008-06-27 269456]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-08-08 1109504]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-15 26112]
"Quick Macros"="C:\Program Files\Quick Macros 2\qm.exe" [2006-06-15 1282048]
"HostManager"="C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe" [2007-10-08 41824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe" [2008-06-27 52360]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2008-09-22 91648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-03 1234712]
"nwiz"="nwiz.exe" [2005-09-18 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 41824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qhaxdc.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqNFVNd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1199825891\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1199825891\\ee\\AOLDesktop.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Odds Maker\\client.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\WORK START\\yahoo responding\\YahooMailer-1[1].2.0.597.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-01 97928]
R2 AGWinService;AG Windows Service;C:\Program Files\agi\common\agservice.exe [2008-06-30 21504]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-01 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-01 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-01 76040]
S2 r_server;Remote Administrator Service;C:\WINDOWS\system32\r_server.exe [ ]
S3 qmphook;QM process triggers;c:\program files\quick macros 2\qmphook.sys [2005-10-19 4096]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.gateway.com/g/startpage.html ... P&M=GT4016
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyServer = socks=limelitekarolyn:8500
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
C:\WINDOWS\Downloaded Program Files\OSDED4D.OSD
C:\WINDOWS\Downloaded Program Files\InstallerControl.dll

O16 -: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/Ac ... Player.cab
C:\WINDOWS\Downloaded Program Files\AccountingPlayer.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 11:17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Gamevance = C:\Program Files\Gamevance\gamevance32.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-06 11:18:25
ComboFix-quarantined-files.txt 2008-10-06 16:18:24
ComboFix2.txt 2008-10-06 16:04:18

Pre-Run: 176,647,544,832 bytes free
Post-Run: 176,613,646,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

229 --- E O F --- 2008-10-01 16:05:34




-------------------------------------------------------------------------------------------------


Here is the new HijackThis log:


Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bodog Poker Version 2.16.1.52
Browser Address Error Redirector
Digital Media Reader
DVD Solution
Full Tilt Poker
Gamevance
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kiwee Toolbar
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org Installer 1.0
Pegasus Software SmartScanICR 3.0
PokerStars
Power2Go 4.0
PowerDVD
Quick Macros 2
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Administrator v2.1
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
Sonic Encoders
Swarmcast for MLB-TV-Mosaic
TextPad 4.7
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Window Washer
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
abkeeno
Regular Member
 
Posts: 16
Joined: October 1st, 2008, 2:15 pm

Re: Slow computer, cant view web pages, random pop ups........

Unread postby MikeSwim07 » October 7th, 2008, 7:13 am

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

File::
C:\Documents and Settings\Guest\~.exe
C:\WINDOWS\system32\dforoxen.ini
C:\WINDOWS\system32\yaKmmUvw.ini
C:\WINDOWS\system32\yaKmmUvw.ini2
C:\WINDOWS\system32\lhydglqx.dll
C:\WINDOWS\system32\icumaz.dll
C:\WINDOWS\system32\awkaljxt.ini
C:\WINDOWS\system32\bvrwfekf.ini
C:\WINDOWS\system32\ywkbdvbu.dll
C:\WINDOWS\system32\emuymr.dll
C:\WINDOWS\system32\einikbln.dll
C:\WINDOWS\system32\xithpyth.ini
C:\WINDOWS\system32\vbakihxg.ini
C:\WINDOWS\BMaf41802f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aotkuorl.ini
C:\WINDOWS\system32\dNVFNqss.ini2
C:\WINDOWS\system32\dNVFNqss.ini

Folder::
C:\Program Files\LimeWire
C:\Documents and Settings\Owner\Application Data\LimeWire

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 




Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please post the CFScript, the Malwarebytes' log, and a new HijackThis log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
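
Added example (not part of the original posts and not ComboFix's own code): a short Python check of what the Registry:: section of the CFScript above changes, comparing it with the values in the earlier ComboFix log. It decodes the `hex(7)` value, lists the entries the script drops from each load point, and looks for File:: entries whose name is a dropped module's name spelled backwards. The function names are hypothetical, and it assumes the log separates multi-string entries with whitespace and that the `hex(7)` bytes are single-byte text, as in a REGEDIT4 file.

```python
import re
from pathlib import PureWindowsPath

# Values copied from this thread: the ComboFix "Reg Loading Points" section
# (LOGGED) and the Registry:: section of the CFScript (SCRIPT).
LOGGED = {
    "AppInit_DLLs": "qhaxdc.dll,avgrsstx.dll",
    "Authentication Packages": r"msv1_0 C:\WINDOWS\system32\ssqNFVNd",
}
SCRIPT = {
    "AppInit_DLLs": "avgrsstx.dll",
    "Authentication Packages": "hex(7):6d,73,76,31,5f,30,00,00",
}
# Subset of the CFScript File:: section (its .ini/.ini2 entries in system32).
SCRIPT_FILES = [
    r"C:\WINDOWS\system32\dforoxen.ini",
    r"C:\WINDOWS\system32\yaKmmUvw.ini",
    r"C:\WINDOWS\system32\yaKmmUvw.ini2",
    r"C:\WINDOWS\system32\dNVFNqss.ini2",
    r"C:\WINDOWS\system32\dNVFNqss.ini",
]


def decode_hex7(value):
    """Decode a REGEDIT4-style hex(7) (REG_MULTI_SZ) value into its strings.

    Each string is NUL-terminated and the list ends with one more NUL.
    Assumption: bytes are single-byte text (REGEDIT4), not UTF-16.
    """
    kind, _, payload = value.partition(":")
    if kind.strip().lower() != "hex(7)":
        raise ValueError("not a hex(7) value: %r" % value)
    digits = re.sub(r"[\\\s]", "", payload)  # drop line continuations, spaces
    raw = bytes(int(b, 16) for b in digits.split(",") if b)
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def entries(name, value):
    """Split a load-point value into its individual module entries."""
    if value.lower().startswith("hex(7):"):
        return decode_hex7(value)
    if name == "AppInit_DLLs":
        # AppInit_DLLs is a list delimited by spaces or commas.
        return [e for e in re.split(r"[ ,]+", value) if e]
    # Assumption: the log prints multi-string entries separated by whitespace.
    return value.split()


def removed_by_fix(logged, script):
    """Return, per value name, the entries present in the log but not in the fix."""
    removed = {}
    for name, before in logged.items():
        keep = {e.lower() for e in entries(name, script[name])}
        removed[name] = [e for e in entries(name, before) if e.lower() not in keep]
    return removed


def reversed_name_companions(module, files):
    """Files whose base name is the module's base name spelled backwards."""
    target = PureWindowsPath(module).stem.lower()[::-1]
    return [f for f in files if PureWindowsPath(f).stem.lower() == target]


if __name__ == "__main__":
    for name, mods in removed_by_fix(LOGGED, SCRIPT).items():
        for mod in mods:
            print(name, "drops", mod, reversed_name_companions(mod, SCRIPT_FILES))
```

Run against the values above, the script leaves only `msv1_0` and `avgrsstx.dll` in place, and the dropped `ssqNFVNd` entry pairs with the `dNVFNqss.ini` and `dNVFNqss.ini2` files listed under File::.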

Re: Slow computer, cant view web pages, random pop ups........

Unread postby abkeeno » October 7th, 2008, 12:35 pm

Ok, I did everything you told me to do. When I ran the Combofix, when I dragged the CFScript.txt into it and it produced a log, it automatically restarted my computer, and when it rebooted I somehow lost the CFScript.txt notepad off my desktop and cannot locate it. But here are the 2 other logs that you asked for:

Malwarebytes' Anti-Malware 1.28
Database version: 1240
Windows 5.1.2600 Service Pack 3

10/7/2008 11:02:08 AM
mbam-log-2008-10-07 (11-02-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 137584
Time elapsed: 51 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevance.linker (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevance.linker.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1d22e9e4-f771-4b8d-aa68-ba04e8980e07} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a851c98a-6136-4b02-9ec7-22aaf33e7b97} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4b6a86-82e7-4a9e-abb9-3b225bc214a4} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.

Files Infected:
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP900\A0043717.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP900\A0043710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP900\A0043711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP900\A0043712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP900\A0043713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\einikbln.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\emuymr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\icumaz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lhydglqx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ywkbdvbu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.


------------------------------------------------------------------------------------------------


Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bodog Poker Version 2.16.1.52
Browser Address Error Redirector
Digital Media Reader
DVD Solution
Full Tilt Poker
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kiwee Toolbar
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org Installer 1.0
Pegasus Software SmartScanICR 3.0
PokerStars
Power2Go 4.0
PowerDVD
Quick Macros 2
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Administrator v2.1
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
Sonic Encoders
Swarmcast for MLB-TV-Mosaic
TextPad 4.7
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Window Washer
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
abkeeno
Regular Member
 
Posts: 16
Joined: October 1st, 2008, 2:15 pm

Re: Slow computer, cant view web pages, random pop ups........

Unread postby MikeSwim07 » October 8th, 2008, 7:11 am

The ComboFix log can be found at

C:\ComboFix.txt

Please post a HijackThis log; in your previous post, you posted an uninstall list.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Slow computer, cant view web pages, random pop ups........

Unread postby abkeeno » October 8th, 2008, 12:51 pm

Sorry about that, Mike. Here is the HijackThis log and ComboFix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:58 AM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1199825891\ee\AOLDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
\Emachine\c\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT4016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=66.29.30.21:8500
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Owner\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b57176.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/Ac ... Player.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b75411.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\agi\common\agservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 12806 bytes
-----------------------------------------------------------------------------------------

ComboFix 08-10-06.06 - Owner 2008-10-07 9:46:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.373 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Guest\~.exe
C:\WINDOWS\BMaf41802f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aotkuorl.ini
C:\WINDOWS\system32\awkaljxt.ini
C:\WINDOWS\system32\bvrwfekf.ini
C:\WINDOWS\system32\dforoxen.ini
C:\WINDOWS\system32\dNVFNqss.ini
C:\WINDOWS\system32\dNVFNqss.ini2
C:\WINDOWS\system32\einikbln.dll
C:\WINDOWS\system32\emuymr.dll
C:\WINDOWS\system32\icumaz.dll
C:\WINDOWS\system32\lhydglqx.dll
C:\WINDOWS\system32\vbakihxg.ini
C:\WINDOWS\system32\xithpyth.ini
C:\WINDOWS\system32\yaKmmUvw.ini
C:\WINDOWS\system32\yaKmmUvw.ini2
C:\WINDOWS\system32\ywkbdvbu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\~.exe
C:\Documents and Settings\Owner\Application Data\LimeWire
C:\Documents and Settings\Owner\Application Data\LimeWire\414splashfree.png
C:\Documents and Settings\Owner\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Owner\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\filters.props
C:\Documents and Settings\Owner\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Owner\Application Data\LimeWire\installation.props
C:\Documents and Settings\Owner\Application Data\LimeWire\library.dat
C:\Documents and Settings\Owner\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Owner\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Owner\Application Data\LimeWire\questions.props
C:\Documents and Settings\Owner\Application Data\LimeWire\responses.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Owner\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Owner\Application Data\LimeWire\tables.props
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\splashpro.png
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\Owner\Application Data\LimeWire\version.xml
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\data\audio.sxml
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\schemas\video.xsd
C:\Program Files\LimeWire
C:\Program Files\LimeWire\aopalliance.pack
C:\Program Files\LimeWire\clink.pack
C:\Program Files\LimeWire\commons-httpclient.pack
C:\Program Files\LimeWire\commons-logging.pack
C:\Program Files\LimeWire\commons-net.pack
C:\Program Files\LimeWire\commons-pool.pack
C:\Program Files\LimeWire\daap.pack
C:\Program Files\LimeWire\forms.pack
C:\Program Files\LimeWire\foxtrot.pack
C:\Program Files\LimeWire\gettext-commons.pack
C:\Program Files\LimeWire\guice-1.0.pack
C:\Program Files\LimeWire\httpcore-nio.pack
C:\Program Files\LimeWire\httpcore.pack
C:\Program Files\LimeWire\icu4j.pack
C:\Program Files\LimeWire\id3v2.pack
C:\Program Files\LimeWire\jcraft.pack
C:\Program Files\LimeWire\jdic.pack
C:\Program Files\LimeWire\jdic_stub.pack
C:\Program Files\LimeWire\jflac.pack
C:\Program Files\LimeWire\jl.pack
C:\Program Files\LimeWire\jmdns.pack
C:\Program Files\LimeWire\jogg.pack
C:\Program Files\LimeWire\jorbis.pack
C:\Program Files\LimeWire\lib\UnpackedJars.7z
C:\Program Files\LimeWire\LimeWire.jar.tmp
C:\Program Files\LimeWire\log4j.pack
C:\Program Files\LimeWire\looks.pack
C:\Program Files\LimeWire\messages.pack
C:\Program Files\LimeWire\mp3spi.pack
C:\Program Files\LimeWire\ProgressTabs.pack
C:\Program Files\LimeWire\swt.pack
C:\Program Files\LimeWire\themes.pack
C:\Program Files\LimeWire\tritonus.pack
C:\Program Files\LimeWire\vorbisspi.pack
C:\WINDOWS\BMaf41802f.txt
C:\WINDOWS\BMaf41802f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aotkuorl.ini
C:\WINDOWS\system32\awkaljxt.ini
C:\WINDOWS\system32\bvrwfekf.ini
C:\WINDOWS\system32\dforoxen.ini
C:\WINDOWS\system32\dNVFNqss.ini
C:\WINDOWS\system32\dNVFNqss.ini2
C:\WINDOWS\system32\einikbln.dll
C:\WINDOWS\system32\emuymr.dll
C:\WINDOWS\system32\icumaz.dll
C:\WINDOWS\system32\lhydglqx.dll
C:\WINDOWS\system32\vbakihxg.ini
C:\WINDOWS\system32\xithpyth.ini
C:\WINDOWS\system32\yaKmmUvw.ini
C:\WINDOWS\system32\yaKmmUvw.ini2
C:\WINDOWS\system32\ywkbdvbu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-04 11:14 . 2008-10-04 11:15 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Move Networks
2008-10-01 12:35 . 2008-10-05 12:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-01 12:27 . 2008-10-07 09:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-01 12:27 . 2008-10-01 12:27 <DIR> d-------- C:\Program Files\AVG
2008-10-01 12:27 . 2008-10-01 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 12:27 . 2008-10-01 12:27 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-01 12:27 . 2008-10-01 12:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-01 12:27 . 2008-10-01 12:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-01 11:42 . 2008-10-01 11:42 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-01 11:42 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 11:41 . 2008-10-01 11:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-25 12:47 . 2008-10-07 08:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-09-25 12:47 . 2008-09-25 12:47 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-25 12:43 . 2008-09-25 12:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-25 12:40 . 2008-09-25 12:40 <DIR> d-------- C:\Program Files\Sun
2008-09-22 22:14 . 2008-09-22 22:14 <DIR> d-------- C:\Program Files\Gamevance
2008-09-16 16:11 . 2008-09-25 16:32 <DIR> d-------- C:\Program Files\Bodog Poker
2008-09-15 14:11 . 2008-09-25 12:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-13 10:16 . 2008-09-13 10:16 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\agi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 14:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-10-07 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-03 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-10-02 17:47 --------- d-----w C:\Program Files\Radmin
2008-10-02 01:14 --------- d-----w C:\Program Files\Hotmail Reader
2008-10-02 01:10 --------- d-----w C:\Program Files\AFF Mail Reader OCR
2008-09-28 03:39 --------- d-----w C:\Program Files\PokerStars
2008-09-28 03:38 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-25 17:43 --------- d-----w C:\Program Files\Skype
2008-09-25 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-25 17:40 --------- d-----w C:\Program Files\Java
2008-09-09 21:33 --------- d-----w C:\Program Files\Microsoft Works
2008-08-26 03:01 --------- d-----w C:\Program Files\Odds Maker
2008-08-20 15:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 01:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\agi
2008-08-14 21:41 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-08-14 21:41 --------- d-----w C:\Program Files\AGI
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\agi
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\agi
2008-07-11 18:27 33,576 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-10-06_11.03.55.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-10-07 14:57:12 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_848.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "C:\Program Files\agi\common\_agcutils.pyd" [2008-06-20 39936]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-06-27 20:28 269456 --a------ C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll" [2008-06-27 269456]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll" [2008-06-27 269456]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-08-08 1109504]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-15 26112]
"Quick Macros"="C:\Program Files\Quick Macros 2\qm.exe" [2006-06-15 1282048]
"HostManager"="C:\Program Files\Common Files\AOL\1199825891\ee\AOLSoftware.exe" [2007-10-08 41824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe" [2008-06-27 52360]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2008-09-22 91648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-03 1234712]
"nwiz"="nwiz.exe" [2005-09-18 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 41824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qhaxdc.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1199825891\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1199825891\\ee\\AOLDesktop.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Odds Maker\\client.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\WORK START\\yahoo responding\\YahooMailer-1[1].2.0.597.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-01 97928]
R2 AGWinService;AG Windows Service;C:\Program Files\agi\common\agservice.exe [2008-06-30 21504]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-01 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-01 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-01 76040]
S3 qmphook;QM process triggers;c:\program files\quick macros 2\qmphook.sys [2005-10-19 4096]
.
Contents of the 'Scheduled Tasks' folder

2008-10-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 09:52:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1199825891\ee\AOLDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-10-07 10:02:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 15:02:30
ComboFix2.txt 2008-10-06 16:18:27
ComboFix3.txt 2008-10-06 16:04:18

Pre-Run: 176,016,760,832 bytes free
Post-Run: 175,932,252,160 bytes free

338 --- E O F --- 2008-10-07 15:00:21
abkeeno
Regular Member
 
Posts: 16
Joined: October 1st, 2008, 2:15 pm

Re: Slow computer, cant view web pages, random pop ups........

Unread postby MikeSwim07 » October 9th, 2008, 7:07 am

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional.

It may seem like your system will be overprotected with all these things installed, but a lot of these programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:

  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u (Note: This command is case sensitive.)

      I recommend that you keep Malwarebytes' Anti-Malware, it is a great scanner.

    You may delete any logs left on the desktop.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox << Most used, I use this one myself.
    Opera
  • Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the time it's malware when your computer is suddenly getting slow or acting strangely. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
    Help! My computer is slow
    Slow Computer? Check here first; it may not be malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
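
The Internet zone settings listed in the post above are stored as numbered URL actions under the zone's registry key, so they can be checked from a registry export. This is an added example, not part of the thread: the action IDs and key path are the standard Internet Explorer ones rather than values from the post, and the export text is constructed sample data.

```python
import re

# Standard IE URL-action values (assumption: not taken from the post).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Zone 3 is the "Internet" zone the post tells the user to select.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Action ID -> (setting name as shown in the dialog, value the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})\s*$')

# Constructed sample in REGEDIT4 export format; not from the poster's machine.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000003
"""


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: int}} for DWORD values."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return sections


def audit_internet_zone(text):
    """List settings weaker than recommended as (id, name, actual, wanted).

    Enable (0) < Prompt (1) < Disable (3), so a value at or above the
    recommended one is at least as strict and is not reported.
    """
    zone = parse_reg_export(text).get(ZONE3_KEY.lower(), {})
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        actual = zone.get(action)
        if actual is None:
            findings.append((action, name, "not set", LABEL[wanted]))
        elif actual < wanted:
            findings.append(
                (action, name, LABEL.get(actual, hex(actual)), LABEL[wanted]))
    return findings


if __name__ == "__main__":
    for action, name, actual, wanted in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{action}  {name}: {actual} (recommended: {wanted})")
```
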

Re: Slow computer, cant view web pages, random pop ups........

Unread postby abkeeno » October 9th, 2008, 9:36 pm

Michael-

I can't thank you enough for helping me get my computer back in working order. You guys have a great service and make it really easy to follow instructions. You guys could easily charge hundreds of dollars for that type of service but do it for free and again I cannot thank you enough. Take care and God Bless.

-Brett
abkeeno
Regular Member
 
Posts: 16
Joined: October 1st, 2008, 2:15 pm

Re: Slow computer, cant view web pages, random pop ups........

Unread postby MikeSwim07 » October 10th, 2008, 7:09 am

You're welcome :D
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Slow computer, cant view web pages, random pop ups........

Unread postby Shaba » October 11th, 2008, 5:55 am

abkeeno this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland